Comment 2 for bug 872446

Steve Beattie (sbeattie) wrote : Re: aa-logprof should detect denials as well as complaints

Jamie, can you describe how you hit this, as I'm unable to reproduce it. In the example below auditd is not running:

$ cat tmp/my.sh
#!/bin/sh

cat "$@" > /dev/null

$ cat /etc/apparmor.d/home.ubuntu.tmp.my.sh
# Last Modified: Mon Mar 26 10:59:48 2012
#include <tunables/global>

/home/ubuntu/tmp/my.sh {
  #include <abstractions/base>

  /bin/cat rix,
  /bin/dash ix,
  /home/ubuntu/tmp/my.sh r,
}

$ sudo aa-status | grep my.sh
   /home/ubuntu/tmp/my.sh
   /home/ubuntu/tmp/my.sh//null-f

$ tmp/my.sh /etc/fstab
cat: /etc/fstab: Permission denied

$ sudo aa-logprof
Reading log entries from /var/log/syslog.
Updating AppArmor profiles in /etc/apparmor.d.
Enforce-mode changes:

Profile: /home/ubuntu/tmp/my.sh
Path: /etc/fstab
Mode: r
Severity: 3

  1 - #include <abstractions/evince>
 [2 - /etc/fstab]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/fstab r to profile.

Profile: /home/ubuntu/tmp/my.sh
Path: /etc/resolv.conf
Mode: r
Severity: 2

  1 - #include <abstractions/nameservice>
 [2 - /etc/resolv.conf]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts

Profile: /home/ubuntu/tmp/my.sh
Path: /etc/resolv.conf
Mode: r
Severity: 2

  1 - #include <abstractions/nameservice>
 [2 - /etc/resolv.conf]

(A)llow / [(D)eny] / (G)lob / Glob w/(E)xt / (N)ew / Abo(r)t / (F)inish / (O)pts
Adding /etc/resolv.conf r to profile.

= Changed Local Profiles =

The following local profiles were changed. Would you like to save them?

 [1 - /home/ubuntu/tmp/my.sh]

(S)ave Changes / [(V)iew Changes] / Abo(r)t

= Changed Local Profiles =

The following local profiles were changed. Would you like to save them?

 [1 - /home/ubuntu/tmp/my.sh]

(S)ave Changes / [(V)iew Changes] / Abo(r)t
Writing updated profile for /home/ubuntu/tmp/my.sh.

$ cat /etc/apparmor.d/home.ubuntu.tmp.my.sh
# Last Modified: Mon Mar 26 11:04:45 2012
#include <tunables/global>

/home/ubuntu/tmp/my.sh {
  #include <abstractions/base>

  /bin/cat rix,
  /bin/dash ix,
  /etc/fstab r,
  /etc/resolv.conf r,
  /home/ubuntu/tmp/my.sh r,

}

(note that the resolv.conf access rejection was from a prior run of my.sh)
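The transcript above shows aa-logprof turning enforce-mode rejections from /var/log/syslog into profile rules, and also picking up a stale rejection from an earlier run. The script below is an added example, not the bug report's or the AppArmor project's own aa-logprof code: it parses the kernel's AppArmor audit lines as they appear in syslog, keeps both enforce-mode ("DENIED") and complain-mode ("ALLOWED") file events, ignores profile-load ("STATUS") lines, collapses repeated events for the same path, and prints candidate rules per profile. The log lines are constructed for the example and the function names are the example's own.

```python
import re
from collections import defaultdict

# key="value" or key=value pairs, as AppArmor kernel audit messages emit them.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Order in which to print permission letters, matching how profile rules read.
MASK_ORDER = "rwalkmx"

# Constructed sample syslog lines (not taken from the bug report) in the shape
# AppArmor kernel messages take in /var/log/syslog when auditd is not running.
SAMPLE_SYSLOG = """\
Mar 26 10:58:01 host kernel: [ 2200.001] type=1400 audit(1332781081.001:51): apparmor="STATUS" operation="profile_replace" name="/home/ubuntu/tmp/my.sh" pid=2001 comm="apparmor_parser"
Mar 26 10:58:30 host kernel: [ 2229.501] type=1400 audit(1332781110.501:52): apparmor="DENIED" operation="open" parent=2010 profile="/home/ubuntu/tmp/my.sh" name="/etc/resolv.conf" pid=2011 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 26 11:02:15 host kernel: [ 2454.201] type=1400 audit(1332781335.201:53): apparmor="DENIED" operation="open" parent=2020 profile="/home/ubuntu/tmp/my.sh" name="/etc/fstab" pid=2021 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 26 11:02:15 host kernel: [ 2454.202] type=1400 audit(1332781335.202:54): apparmor="DENIED" operation="open" parent=2020 profile="/home/ubuntu/tmp/my.sh" name="/etc/fstab" pid=2021 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Mar 26 11:03:00 host kernel: [ 2499.001] type=1400 audit(1332781380.001:55): apparmor="ALLOWED" operation="open" parent=2030 profile="/usr/bin/example" name="/etc/hosts" pid=2031 comm="example" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=0
"""


def parse_event(line):
    """Return the key/value fields of one AppArmor file-access event, or None.

    Only DENIED (enforce mode) and ALLOWED (complain mode) events are kept;
    STATUS lines (profile loads) and lines without profile/name are dropped.
    Caveat: the kernel hex-encodes names containing spaces or non-printable
    characters and omits the quotes; this example does not decode those.
    """
    if 'apparmor="' not in line:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    if fields.get("apparmor") not in ("DENIED", "ALLOWED"):
        return None
    if "profile" not in fields or "name" not in fields:
        return None
    return fields


def collect_events(log_text):
    """Group events as mode -> profile -> path -> set of permission letters.

    Repeated events for the same path (for instance a DENIED line from an
    earlier run still sitting in syslog) collapse into one entry, and masks
    from different events on the same path are merged.
    """
    events = defaultdict(lambda: defaultdict(lambda: defaultdict(set)))
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        mode = "enforce" if ev["apparmor"] == "DENIED" else "complain"
        mask = ev.get("denied_mask") or ev.get("requested_mask", "")
        events[mode][ev["profile"]][ev["name"]].update(mask)
    return events


def render_rules(events):
    """Return {(mode, profile): ["<path> <mask>,", ...]} with paths sorted."""
    def mask_key(letter):
        pos = MASK_ORDER.find(letter)
        return (pos if pos >= 0 else len(MASK_ORDER), letter)

    rules = {}
    for mode, profiles in events.items():
        for profile, paths in profiles.items():
            lines = []
            for path in sorted(paths):
                mask = "".join(sorted(paths[path], key=mask_key))
                lines.append("%s %s," % (path, mask))
            rules[(mode, profile)] = lines
    return rules


if __name__ == "__main__":
    report = render_rules(collect_events(SAMPLE_SYSLOG))
    for (mode, profile), lines in sorted(report.items()):
        print("%s-mode changes for %s:" % (mode.capitalize(), profile))
        for rule in lines:
            print("  " + rule)
```

Run against a real /var/log/syslog, the same parser would also surface the stale resolv.conf rejection mentioned in the comment above, which is why a tool like this should be fed only the time window of interest, or its output reviewed per rule before anything is added to a profile.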